Audit Committee Assurance Report - November 2024
Meeting: Trust Board – Public Meeting
Date: 6 November 2024
Report Title: Audit Committee Assurance Report
Agenda Item: PUB24/11/6.1
Committee Date: 23 October 2024
Meeting Chair: George Lynn, Non-Executive Director and Committee Chair
Meeting Quorate YES
Purpose: Assurance
Recommendation: The Board is asked to receive assurance from the business discussed at the meeting and to review the matters for escalation and referral.
Link to Strategic Objective:
- Be an exceptional place to work, volunteer and learn
- Provide outstanding quality of care and performance
- Be excellent collaborators and innovators as system partners
- Be an environmentally and financially sustainable organisation
Summary of Items Considered at the Meeting:
| Issue | Consideration | Resolution/Outcome | Assurance |
|---|---|---|---|
| Board Assurance Framework and Corporate Risk Register | Overview of strategic and corporate risk management of the organisation including specific review of risk monitoring processes. | Noted that Performance Committee had proposed an increase in risk scorings with respect to Strategic Risks 3 due to slow and variable progress on the Trust’s approach to Hub implementation; this was agreed. Considered the findings of Internal Audit into the Board Assurance Framework (BAF); internal audit concluded Reasonable Assurance. Recommended that BAF assurance and gaps should be aligned to (a) “three lines of defence” (single sources MI/KPI’s, multiple sources (sub-groups) and independent sources), and (b) Integrated Performance Report (IPR). It was reported that new BAF templates are being considered for 2025. | Reasonable |
| Group Assurance Report | Report on levels of assurance provided in areas reported to the Compliance and Risk Group (CRG) at its last meeting (24 September 2024). | Noted that two groups reported: Data Quality and Security (Reasonable Assurance) and Business Continuity Steering and Assurance Group (Limited Assurance). There were no areas identified for escalation to Audit Committee by CRG. We noted that the Internal Audit Report recently undertaken noted Limited Assurance as well. | Reasonable |
| Directorate Risk Register Deep-dive: Health and Safety | Report on Health and Safety (H&S) risk registers and management. | The deep-dive considered two areas of open risks: appropriate manual handling techniques and H&S plan phase 2 – to deliver improvements. Improved performance was noted in both areas, including extending training by “train the trainer” principles. Levels of H&S inspections have continued to increase. | Reasonable |
| Review of Hospitality Register | 6-month review of reported conflicts of interest and gifts. | Noted four items amounting in total to less than £500. No policy breaches over last 6-months. | Reasonable |
| Governance Review of Board and Committee Sub-Groups | Progress report on the reviews into the workings of the sub-groups underpinning CRG and Audit Committee. | Report noted that first two (of three) phases had been completed. The final, being proposed as an updated BGAF, to be reviewed at the next Audit Committee meeting. The Committee noted that phases 1 and 2 had been reported as providing extensive and detailed analysis of sub-group workings. The Committee asked that these be shared with Audit Committee members so that we can have a more informed discussion. | Moderate |
| Information Governance and Data Security Protection Toolkit (DSPT) updates | Update on the Trust’s current position with respect to: Digital Security Protection Tool compliance; Information Governance (IG) breaches; Subject Access Requests and FOI’s | The Committee noted: FOI compliance 60%; IG breaches at 15 per month; IG training compliance has improved to 83%. The ICO undertook an audit in September 2024; final audit report to be presented to next Audit Committee meeting. Reported that audit was balanced with positives and negatives, but also compliments for the team. Noted that new DSPT adopts National Cyber Security – Cyber Assessment Framework. The team was reviewing potential workloads and will report to the Committee. | Reasonable |
| Civil Contingencies Act Compliance – EPRR self-assessment | Overview of the Trust’s progress to comply with EPRR Core Standards and the Interoperable Capabilities as part of wider NHS preparedness. | Noted current assessments are: EPRR Core Standards (94.8%); Interoperable Capabilities (97.7%) incl. three partially compliant. Noted that continuing high levels of compliance were reliant on Resilience Team staffing levels. Most Manchester Arena recommendations are currently unfunded by the NHS. | Substantial |
| Financial Management – Losses and Special Payments | Quarterly Report on compliance with HM Treasury 2023 publication “Managing Public Money” – (July - September 2024). | 11 losses and ex-gratia payments totalling £71.8k were noted. The Committee was made aware of further losses arising in Q3 from Employee Relations (ER) cases. It was agreed to refer to People Committee and ask what is the Trust doing to eliminate staff being treated “unlawfully” and giving rise to significant financial awards? | Reasonable |
| Financial Management – Tenders and Waivers | Report on Tenders and Waivers (July - September 2024). | Noted that, despite introducing new financial controls at the start of Q1, the Trust waivered £352,829 of non-pay in Q2 and if this trend continues will be likely to breach its 2% target. Noted there is evidence that Q2’s waivers (33% of Q1) has been partially due to new system (“Atamis”). This continues to be rolled out and will be vital in meeting the new Procurement Act provisions after a delayed commencement date. | Moderate |
| Annual Review of Treasury Management Policy | To ensure effective governance and compliance in line with NHS England and HM Treasury requirements. | Policy presented with only one minor amendment. Committee discussion considered financial reporting obligations set out in TMP compared with actual financial IPR data – to be reviewed. | Substantial |
| Counter Fraud Strategic Plan 2025-28 and Anti-Bribery Statement | The Trust is required to have a 3-5 year counter fraud, bribery and corruption strategy. | 2025-28 Strategy was reviewed and approved. | Reasonable |
| Counter Fraud Progress Report | Update on Counter Fraud activity since last meeting. | Continuing progress in managing fraud across EEAST was noted. There are currently 10 open investigations, and two have been closed since the last report. | Reasonable |
| Internal Audit Reports | Update on emerging internal audit work against 2024-25 plan, including: Business Continuity (limited assurance); Wellbeing (reasonable assurance); Fit and Proper Person (reasonable assurance); BAF and Risk Management (reasonable assurance) | The reports issued were noted, in particular the lack of clarity in accountability for Business Continuity within the Trust. The Committee agreed to refer to the Trust Board. | Reasonable |
Matters for escalation or referral:
| Issue | Reason | ||
|---|---|---|---|
| Financial Management – Losses and Special Payments | Referral to People Committee | Audit Committee agreed to refer the losses arising from Employee Relations cases to People Committee and ask: what is the Trust doing to eliminate staff being treated “unlawfully” and giving rise to significant financial awards? | |
| Internal Audit Report – Business Continuity | Referral to Private Board | Audit Committee was concerned at the lack of clarity in accountability for Business Continuity within the Trust (the internal audit report offered limited assurance); a referral to the Trust Board was agreed. |
